CIS Google Chrome L1 v2.0.0

Warning! Audit Deprecated

This audit file has been deprecated and will be removed in a future update.

View Next Version

Audit Details

Name: CIS Google Chrome L1 v2.0.0

Updated: 2/8/2022

Authority: CIS

Plugin: Windows

Revision: 1.5

Estimated Item Count: 61

Audit Items

DescriptionCategories
1.1.1 Ensure 'Enable curtaining of remote access hosts' is set to 'Disabled'

CONFIGURATION MANAGEMENT

1.1.2 Ensure 'Allow gnubby authentication for remote access hosts' is set to 'Disabled'.

ACCESS CONTROL

1.1.3 Ensure 'Allow remote users to interact with elevated windows in remote assistance sessions' is set to 'Disabled'.

CONFIGURATION MANAGEMENT

1.2 Ensure 'Continue running background apps when Google Chrome is closed' is set to 'Disabled'

SYSTEM AND COMMUNICATIONS PROTECTION

1.3 Ensure 'Ask where to save each file before downloading' is set to 'Enabled'

SYSTEM AND COMMUNICATIONS PROTECTION

1.4 Ensure 'Disable saving browser history' is set to 'Disabled'

SYSTEM AND COMMUNICATIONS PROTECTION

1.5 Ensure 'Enable HTTP/0.9 support on non-default ports' is set to 'Disabled'

CONFIGURATION MANAGEMENT

1.6 Ensure 'Enable component updates in Google Chrome' is set to 'Enabled'

SYSTEM AND INFORMATION INTEGRITY

1.7 Ensure 'Enable deprecated web platform features for a limited time' is set to 'Disabled'

CONFIGURATION MANAGEMENT

1.8 Ensure 'Enable third party software injection blocking' is set to 'Enabled'

CONFIGURATION MANAGEMENT

1.9 Ensure 'Extend Flash content setting to all content' is set to 'Disabled'

SYSTEM AND COMMUNICATIONS PROTECTION

1.10 Ensure 'Suppress the unsupported OS warning' is set to 'Disabled'

CONFIGURATION MANAGEMENT

1.11 Ensure 'Whether online OCSP/CRL checks are performed' is set to 'Disabled'

IDENTIFICATION AND AUTHENTICATION

1.12 Ensure 'Allow WebDriver to Override Incompatible Policies' is set to 'Disabled'

CONFIGURATION MANAGEMENT

1.13 Ensure 'Control SafeSites adult content filtering' is set to 'Enabled' with value 'Do not filter sites for adult content' specified

CONFIGURATION MANAGEMENT

1.14 Ensure 'Origins or hostname patterns for which restrictions on insecure origins should not apply' is set to 'Disabled'

CONFIGURATION MANAGEMENT

1.15 Ensure 'Disable Certificate Transparency enforcement for a list of Legacy Certificate Authorities' is set to 'Disabled'

CONFIGURATION MANAGEMENT

1.16 Ensure 'Disable Certificate Transparency enforcement for a list of URLs' is set to 'Disabled'

CONFIGURATION MANAGEMENT

1.17 Ensure 'Disable Certificate Transparency enforcement for a list of subjectPublicKeyInfo hashes' is set to 'Disabled'

CONFIGURATION MANAGEMENT

2.1 Ensure 'Default Flash Setting' is set to 'Enabled' (Click to Play)

SYSTEM AND COMMUNICATIONS PROTECTION

2.5 Ensure 'Configure extension installation blacklist' is set to 'Enabled' ('*' for all extensions)

SYSTEM AND COMMUNICATIONS PROTECTION

2.6 Ensure 'Configure allowed app/extension types' is set to 'Enabled' with the values 'extension', 'hosted_app', 'platform_app', 'theme' specified - 'extension'

CONFIGURATION MANAGEMENT

2.6 Ensure 'Configure allowed app/extension types' is set to 'Enabled' with the values 'extension', 'hosted_app', 'platform_app', 'theme' specified - 'hosted_app'

CONFIGURATION MANAGEMENT

2.6 Ensure 'Configure allowed app/extension types' is set to 'Enabled' with the values 'extension', 'hosted_app', 'platform_app', 'theme' specified - 'platform_app'

CONFIGURATION MANAGEMENT

2.6 Ensure 'Configure allowed app/extension types' is set to 'Enabled' with the values 'extension', 'hosted_app', 'platform_app', 'theme' specified - 'theme'

CONFIGURATION MANAGEMENT

2.8 Ensure 'Enable saving passwords to the password manager' is Configured

CONFIGURATION MANAGEMENT

2.9 Ensure 'Supported authentication schemes' is set to 'Enabled' (ntlm, negotiate)

ACCESS CONTROL

2.10 Ensure 'Choose how to specify proxy server settings' is not set to 'Enabled' with 'Auto detect proxy settings'

CONFIGURATION MANAGEMENT

2.11 Ensure 'Allow running plugins that are outdated' is set to 'Disabled'

SYSTEM AND INFORMATION INTEGRITY

2.12 Ensure 'Enable Google Cloud Print Proxy' is set to 'Disabled'

ACCESS CONTROL

2.13 Ensure 'Enable Site Isolation for every site' is set to 'Enabled'

ACCESS CONTROL

2.14 Ensure 'Allow download restrictions' is set to 'Enabled' with 'Block dangerous downloads' specified.

SYSTEM AND COMMUNICATIONS PROTECTION

2.15 Ensure 'Disable proceeding from the Safe Browsing warning page' is set to 'Enabled'

CONFIGURATION MANAGEMENT

2.16 Ensure 'Notify a user that a browser relaunch or device restart is recommended or required' is set to 'Enabled' with 'Show a recurring prompt to the user indication that a relaunch is required' specified

CONFIGURATION MANAGEMENT

2.17 Ensure 'Set the time period for update notifications' is set to 'Enabled' with '86400000' (1 day) specified

CONFIGURATION MANAGEMENT

2.19 Ensure 'Enable Chrome Cleanup on Windows' is Configured

CONFIGURATION MANAGEMENT

2.21 Ensure 'Update policy override' is set to 'Enabled' with 'Always allow updates (recommended)' or 'Automatic silent updates' specified

CONFIGURATION MANAGEMENT

3.2 Ensure 'Default geolocation setting' is set to 'Enabled' with 'Do not allow any site to track the users' physical location'

SYSTEM AND COMMUNICATIONS PROTECTION

3.3 Ensure 'Enable Google Cast' is set to 'Disabled'

CONFIGURATION MANAGEMENT

3.4 Ensure 'Block third party cookies' is set to 'Enabled'

AUDIT AND ACCOUNTABILITY

3.5 Ensure 'Enable reporting of usage and crash-related data' is set to 'Disabled'

CONFIGURATION MANAGEMENT

3.6 Ensure 'Control how Chrome Cleanup reports data to Google' is set to 'Disabled'

AUDIT AND ACCOUNTABILITY

3.7 Ensure 'Browser sign in settings' is set to 'Enabled' with 'Disabled browser sign-in' specified

ACCESS CONTROL

3.8 Ensure 'Enable Translate' is set to 'Disabled'

CONFIGURATION MANAGEMENT

3.9 Ensure 'Enable network prediction' is set to 'Enabled' with 'Do not predict actions on any network connection' selected

CONFIGURATION MANAGEMENT

3.10 Ensure 'Enable search suggestions' is set to 'Disabled'

CONFIGURATION MANAGEMENT

3.11 Ensure 'Enable or disable spell checking web service' is set to 'Disabled'

CONFIGURATION MANAGEMENT

3.12 Ensure 'Enable alternate error pages' is set to 'Disabled'

CONFIGURATION MANAGEMENT

3.13 Ensure 'Disable synchronization of data with Google' is set to 'Enabled'

ACCESS CONTROL

3.14 Ensure 'Enable Safe Browsing for trusted sources' is set to 'Disabled'

CONFIGURATION MANAGEMENT